dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
223 Commits 11 Branches 78 Tags
Commit Graph

43 Commits

Author SHA1 Message Date
mayhew64
84ca966ce5 Added client side validation to HiddenFieldTampering.java, added a new ECS makeButton with a OnClick function, corrected authorship in several files 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@220 4033779f-a91e-0410-96ef-6bf7bf53c507
 2008-01-09 13:28:07 +00:00
mayhew64
ee0bc82bec Single platform build.xml 
Modified Lesson banners
Solutions guide and framework

git-svn-id: http://webgoat.googlecode.com/svn/trunk@213 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-10-08 20:37:43 +00:00
rogan.dawes
a9fe7e6099 Implement non-coding modes for the labs 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@211 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:57:57 +00:00
rogan.dawes
b67bb702d2 Fix more places where the email address was hard-coded 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@208 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-25 12:56:35 +00:00
rogan.dawes
0c2e04c655 Remove unused import 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@193 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:35:06 +00:00
rogan.dawes
7af27f7d1b Make per-user in-memory databases actually work 
Previously we would just get a connection to the same database, regardless
of the user specified in the connect string. Trying to create
HSQLDB users did not seem to work. Non-ADMIN users don't have
CREATE TABLE privileges, it seems, and I couldn't find docs that
describe how to GRANT CREATE TABLE privileges. Go figure.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@192 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:53 +00:00
rogan.dawes
d04371884b Allow WebGoat to create per-user databases 
This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.

This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:34:14 +00:00
rogan.dawes
9e352396d3 Remove warnings by generic'ising users of Collections classes 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@188 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:59 +00:00
rogan.dawes
4a70fdac26 Add automatically generated serialVersionUID to silence warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@186 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:32:08 +00:00
rogan.dawes
d709ff9506 Fix warnings 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@185 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:42 +00:00
rogan.dawes
9ea97126b8 Use AbstractLesson.getLink() and getFormAction() more 
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-18 13:31:11 +00:00
rogan.dawes
d889f6e535 Reset to the first stage when restarting the lesson 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@166 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:51 +00:00
rogan.dawes
dc8914f4e1 Allow for simple restarting of a lesson. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@163 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:53:00 +00:00
rogan.dawes
cb794dcb50 Calculate the stage changes correctly 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@161 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:52:23 +00:00
rogan.dawes
2bda4a81f3 Migrate the labs to direct/Random access stages 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@158 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:51:29 +00:00
rogan.dawes
f5e56c7081 Extract the stage-related code from LessonTracker into SequentialLessonTracker 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@157 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-11 12:50:32 +00:00
rogan.dawes
3c2e63636c Provide a user-accessible mechanism for skipping stages 
Initially, this is only available when in debug mode
i.e. add &debug=true to the URL or set the flag in web.xml


git-svn-id: http://webgoat.googlecode.com/svn/trunk@146 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:54:12 +00:00
rogan.dawes
e6fcd4176c Make it possible to return per-stage hints 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@144 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:53:34 +00:00
rogan.dawes
d39975c299 Minor fixes - unused imports and generics 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@143 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:52:09 +00:00
rogan.dawes
661d8bcf62 Various type safety fixes (converting to generics) 
This appears to have fixed a possible bug, so is a good thing


git-svn-id: http://webgoat.googlecode.com/svn/trunk@142 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:40 +00:00
rogan.dawes
eaf12c706c Create WebgoatContext in HammerHead, rather than WebSession 
Now webgoatContext should effectively be a singleton, shared across
all WebSession instances. WebSession now initialises from WebgoatContext.

WebSession methods that refer to static "site wide" properties are deeted
and references to them updated to point to WebgoatContext


git-svn-id: http://webgoat.googlecode.com/svn/trunk@141 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:26 +00:00
rogan.dawes
53487970f6 Unify DatabaseUtilities.makeConnection() 
Remove the hack to support Web services lessons that do not have a WebSession
Now that they have their own reference to WebgoatContext, they do not need one


git-svn-id: http://webgoat.googlecode.com/svn/trunk@140 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:51:01 +00:00
rogan.dawes
ada66dae10 Pass webgoatContext to AbstractLesson, so all lessons can know their environment 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@139 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:50:36 +00:00
rogan.dawes
1849197784 Move database specific items into WebgoatContext 
Update DatabaseUtilities to use a webgoatContext to create a Connection


git-svn-id: http://webgoat.googlecode.com/svn/trunk@138 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:50:13 +00:00
rogan.dawes
c4d24dff3a Start process of moving shared data to a single place 
Shared fields like the database connection details will be
stored in a new class WebgoatContext.

For the moment, we create this object anew each time, but
we will eventually create it once, and pass it to the
constructor of WebSession, to provide initial values for
each user.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@137 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:57 +00:00
rogan.dawes
c3a5ec5ca8 Eliminate references to insance variable 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@136 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:41 +00:00
rogan.dawes
db2f11578a Replace casting with a suitable generic 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@135 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:28 +00:00
rogan.dawes
4cae9985f6 Fix a NullPointerException in DatabaseUtilities.writeTable 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@134 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:49:15 +00:00
rogan.dawes
294580983d Remove methods tagged DELETE_ME 
Also remove associated imports which are no longer used


git-svn-id: http://webgoat.googlecode.com/svn/trunk@131 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:43 +00:00
rogan.dawes
747319aab5 Move definition of standard Categories to Category class 
Also update all the referring classes


git-svn-id: http://webgoat.googlecode.com/svn/trunk@129 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:48:02 +00:00
rogan.dawes
5f67544b24 Add mechanism to close DB connections 
Oracle ends up refusing connections if we don't close them


git-svn-id: http://webgoat.googlecode.com/svn/trunk@128 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:46:17 +00:00
rogan.dawes
6f5e7c37f7 Add infrastructure to enable setting of username and password for DB access 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@127 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-07-10 11:46:01 +00:00
esheri3
6dc383b7b4 Modified all "Aspect" lessons to include the Aspect logo. The logo links to http://aspectsecurity.com. Moved the "OWASP" logo and added an Aspect logo on the main.jsp page. Adjusted the padding of the "warning" text to prevent "Start" button overlap. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@112 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-02-02 17:56:23 +00:00
esheri3
265c56b302 Fixed a bug which caused the RoleBasedAccessControl_i class to be instantiated and inserted into the navigation menu. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@78 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-23 19:11:32 +00:00
esheri3
1ad2fd45d3 Fixed bug preventing the source from being displayed. Basic code clean-up as well. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@77 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-23 18:56:42 +00:00
esheri3
7cd01d8656 The old Course object used some insane recursion, causing my JVM to spike at 100%. Furthermore, it increased the WebGoat initial startup time to roughly 1:30-2:00 minutes (for me). In order to address the disk access overhead (the current greatest impacter of performance), we now cache the file names before parsing the lessons and their resources. 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@72 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-22 22:25:50 +00:00
mayhew64
8b51818508 Changed remaining contact information to reference an email address I receive (webgoat@g2-inc.com) 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@61 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-16 18:29:06 +00:00
mayhew64
fd9b60f98e Added some files required to build OWASP release. 
Modified License text and format to reflect GPL license.
Reformatted most of the code.

git-svn-id: http://webgoat.googlecode.com/svn/trunk@60 4033779f-a91e-0410-96ef-6bf7bf53c507
 2007-01-16 14:56:40 +00:00
sherif.fathy
80a2add2d7 - This patch fixes Forced Browsing lesson by removing any custom coding for WebSession and HammerHead.java 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@34 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-12-04 04:35:04 +00:00
mayhew64
e5b3b00b0f General cleanup of warnings, fixed a few method scope issues and incorrect use of static references to categories 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@30 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-03 23:55:08 +00:00
sherif.fathy
fae3c3f047 patch to fix a last minute typo and an unwanted import statement 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@29 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-11-03 02:50:12 +00:00
sherif.fathy
6a59cd6e6e git-svn-id: http://webgoat.googlecode.com/svn/trunk@28 4033779f-a91e-0410-96ef-6bf7bf53c507 2006-11-03 01:14:36 +00:00
mayhew64
a8ce18c72e Moved remotely 
git-svn-id: http://webgoat.googlecode.com/svn/trunk@8 4033779f-a91e-0410-96ef-6bf7bf53c507
 2006-09-30 13:25:59 +00:00